Fix CVE-2017-13720.

Copied from upstream source repository:
<https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608>


From d1e670a4a8704b8708e493ab6155589bcd570608 Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@suse.com>
Date: Thu, 20 Jul 2017 13:38:53 +0200
Subject: Check for end of string in PatternMatch (CVE-2017-13720)

If a pattern contains '?' character, any character in the string is skipped,
even if it is '\0'. The rest of the matching then reads invalid memory.

Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Julien Cristau <jcristau@debian.org>

diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c
index 4ce2473..996b7d1 100644
--- a/src/fontfile/fontdir.c
+++ b/src/fontfile/fontdir.c
@@ -400,8 +400,10 @@ PatternMatch(char *pat, int patdashes, char *string, int stringdashes)
 		}
 	    }
 	case '?':
-	    if (*string++ == XK_minus)
+	    if ((t = *string++) == XK_minus)
 		stringdashes--;
+	    if (!t)
+		return 0;
 	    break;
 	case '\0':
 	    return (*string == '\0');
-- 
cgit v0.10.2

